The Legal Case for Balancing Insight and Trust

Have you visited TripAdvisor recently? If so, you’ll know that whenever you browse a hotel, or travel to a city, TripAdvisor frequently follows that up with recommendations on other hotels nearby. And reminds you again the next day. And sometimes the next. You don’t remember asking TripAdvisor for this service—but you receive it nonetheless.

Is this convenience or intrusion? Many see it as interference. There is a gathering sense of unease among many people that intimate information about their lives—where they are located, their interests, preferences, friend networks and more—is no longer their own. Companies like TripAdvisor and thousands more like them are collecting this data and using it in ways consumers never imagined. And in many cases never asked for.

Legislating for this data and insight is like squeezing wallpaper bubbles: squeeze one and another pops up nearby. In today’s digital world, no single set of laws or policies can comfortably cover every consumer and every scenario. Of course, there are laws to cover the use of healthcare data, data on minors and other confidential issues; but there are no laws to cover the multitude of emerging issues related to data and privacy rights of social and other data. Neither do they account for the implications when publicly available social data is combined with other organizational or third-party data sources.

The explosive growth of social data is set to add fuel to the flames. Billions of Facebook and Twitter posts, Tumblr comments, Bitly clicks, Instagram photos and more mean that the amount of available information about an individual’s attributes, behaviors, preferences and location is unprecedented.

Judy Selby, partner at the law firm Baker-Hostetler, believes that “legislation can’t keep up with technology and is not the right vehicle to govern what happens in this space.” Moreover, the Pew Center for Internet and Society recently commented that privacy would eventually become a “luxury,” accessible only to those who could afford to pay more to keep their personal information private.

The law is fighting back though. One trend to watch is the emerging concern about how much data companies collect and control, because of the potential for data breaches, concerns over privacy and control of personal data, and fears over data monopolies—as these examples illustrate:

The Right to be Forgotten

A Spanish citizen filed suit against a Spanish newspaper, Google Spain and Google, Inc., complaining that search results continued to surface an auction notice on his repossessed home, long after the issue had been resolved. This case is now known as “The Right to be Forgotten” ruling in the European Union (C 131/12).

Michiel Jonker, director of IT advisory at Grant Thornton, as “the gathering of data without a clear business reason or security strategy to protect the underlying information,” and stipulating that “data may only be processed for as long as there are clear and defined business purposes to do so.”

Sharing of geolocation data

In California, Senator Mark Leno introduced Senate Bill 576, which “requires that consumers get a clear notice explaining how their location information will be used and shared when they install a new app. It also ensures that app users give expressed consent before their geolocation data can be collected and shared.”

Concerns about data monopolies

In the United States, public interest groups are urging the Federal Trade Commission to “probe consolidation among companies that hold massive stockpiles of consumer data, arguing that the competition watchdog should take the lead on ‘big data’ mergers.”

So there you have it. On the one hand, organizations will always want insight, while on the other, privacy is personal—and contextual. When those twin imperatives are out of balance, organizations fly blind, customers become distrustful, and nobody wins.